https://community.checkpoint.com/t5/Firewall-and-Security-Management/No-response-from-AWS-when-pining-from-CheckPoint/m-p/123541#M17747 <P>hi,</P><P>Thank you for the response. Should have mentioned we are using static routing.</P> Sun, 11 Jul 2021 23:22:01 GMT ja123 2021-07-11T23:22:01Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/No-response-from-AWS-when-pining-from-CheckPoint/m-p/123404#M17701 <P>The client is using CheckPoint R75.x and we have established a site-to-site VPN Connection. The VPN on our end was setup using AWS.&nbsp;</P><P>Were are able to ping from AWS to Checkpoint and receive a response, however, when the client pings from CheckPoint, the packets pass their firewall and into the tunnel but there is no response from AWS side.</P><P>The routing and rules are all setup correctly.&nbsp;</P><P>We are using 1 tunnel and AWS provides an outside and inside IPv4 cidr for the tunnel. The client used the outside cidr but wasn't sure what to do with the inside cidr. Does the inside cidr need to be added somewhere in CheckPoint?</P><P>Is there another step or solution we can take to address the above issue in terms of no receiving a response back?</P><P>&nbsp;</P> Fri, 09 Jul 2021 07:21:43 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/No-response-from-AWS-when-pining-from-CheckPoint/m-p/123404#M17701 ja123 2021-07-09T07:21:43Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/No-response-from-AWS-when-pining-from-CheckPoint/m-p/123452#M17732 <P>R75.x has been End of Support for quite a while and your client should upgrade to a supported release.<BR />The appropriate instructions to configure a VPN to AWS are:&nbsp;<A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk108958&amp;partition=Basic&amp;product=CloudGuard" target="_blank">https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk108958&amp;partition=Basic&amp;product=CloudGuard</A></P> Fri, 09 Jul 2021 20:10:54 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/No-response-from-AWS-when-pining-from-CheckPoint/m-p/123452#M17732 PhoneBoy 2021-07-09T20:10:54Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/No-response-from-AWS-when-pining-from-CheckPoint/m-p/123454#M17733 <P>What&nbsp;<a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/7">@PhoneBoy</a>&nbsp;sent you is best example of how to configure VPN tunnel with AWS. Disregarding the version, which btw is totally unsupported, did you do any capture on the CP firewall to see why packet is not being received? Maybe do fw monitor, zdebug, try turn off securexl as a test?</P> Fri, 09 Jul 2021 22:38:35 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/No-response-from-AWS-when-pining-from-CheckPoint/m-p/123454#M17733 the_rock 2021-07-09T22:38:35Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/No-response-from-AWS-when-pining-from-CheckPoint/m-p/123541#M17747 <P>hi,</P><P>Thank you for the response. Should have mentioned we are using static routing.</P> Sun, 11 Jul 2021 23:22:01 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/No-response-from-AWS-when-pining-from-CheckPoint/m-p/123541#M17747 ja123 2021-07-11T23:22:01Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/No-response-from-AWS-when-pining-from-CheckPoint/m-p/123544#M17749 <P>While I believe it is possible to make it work in that manner it is far from optimal as the AWS VPN endpoint expects redundancy using VTIs and dynamic routing.<BR />We do have an SK for configurations without that, but as noted this is not a recommended configuration:&nbsp;<A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk113840&amp;partition=Advanced&amp;product=IPSec" target="_blank">https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk113840&amp;partition=Advanced&amp;product=IPSec</A></P> Mon, 12 Jul 2021 00:29:27 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/No-response-from-AWS-when-pining-from-CheckPoint/m-p/123544#M17749 PhoneBoy 2021-07-12T00:29:27Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/No-response-from-AWS-when-pining-from-CheckPoint/m-p/123551#M17750 <P>Hi&nbsp;</P><P>Is the inside IPv4 cidr provided by AWS need to be utilised in CheckPoint?</P> Mon, 12 Jul 2021 02:44:14 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/No-response-from-AWS-when-pining-from-CheckPoint/m-p/123551#M17750 ja123 2021-07-12T02:44:14Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/No-response-from-AWS-when-pining-from-CheckPoint/m-p/123554#M17752 <P>In this configuration it seems to be:&nbsp;<A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk100726" target="_blank">https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk100726</A><BR />However, it refers to a later version than you're running.</P> Mon, 12 Jul 2021 04:04:22 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/No-response-from-AWS-when-pining-from-CheckPoint/m-p/123554#M17752 PhoneBoy 2021-07-12T04:04:22Z